On Fri, May 14, 2010 at 13:44, Larry Stone <lston...@stonejongleux.com> wrote: > On 5/14/10 3:19 AM, Markus Schwengel at markus.schwen...@googlemail.com > wrote: > > >>>> When a virus is found postfix sends a message like the one I posted >>>> earlier. Is this not a DSN generated by postfix? I'm confused... >>> >>> >>> We need to see log entries of an entire infected message transaction. >>> >>> >>> >> >> >> here you go: >> >> postfix/pickup[9871]: 445AE1EAEB1: uid=33 from=<SENDER> >> postfix/cleanup[9878]: 445AE1EAEB1: message-id=<1273824671.91686-9...@host> >> postfix/cleanup[9878]: 445AE1EAEB1: milter-reject: END-OF-MESSAGE from >> localhost[127.0.0.1]: \ >> 5.7.1 Virus Eicar-Test-Signature found!; from=<SENDER> to=<RECEIVER> >> postfix/cleanup[9878]: 445AE1EAEB1: to=<RECEIVER>, >> orig_to=<@HOST:RECEIVER>, relay=none, delay=0.11, \ >> delays=0.11/0/0/0, dsn=5.7.1, status=bounced (Virus >> Eicar-Test-Signature found!) >> postfix/cleanup[9882]: 5CFE71EAEB3: >> message-id=<20100514081111.5cfe71ea...@host> >> postfix/qmgr[9870]: 5CFE71EAEB3: from=<>, size=2559, nrcpt=1 (queue active) >> postfix/bounce[9880]: 445AE1EAEB1: sender non-delivery notification: >> 5CFE71EAEB3 >> postfix/smtp[9883]: 5CFE71EAEB3: to=<SENDER>, >> relay=192.168.30.11[192.168.30.11]:25, delay=0.07, \ >> delays=0.02/0.01/0/0.04, dsn=2.0.0, status=sent (250 2.0.0 Ok: >> queued as 5F8193955D9) >> postfix/qmgr[9870]: 5CFE71EAEB3: removed > > Looks like this message is originating locally so your Postfix is acting as > both client (sending) and server (receiving) for the message. So yes, > Postfix is generating that DSN but it's doing so as the sending Postfix. Try > testing with a message originating externally and you should see your local > Postfix reject the message, not accept it and then generate a DSN. > > -- > Larry Stone > lston...@stonejongleux.com > http://www.stonejongleux.com/ > > >
True, the message is generated locally. But this is exactly what I need. So the question remains the same: How can i tell postfix to not include the original message in the DSN or at least strip the attachment?
